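/**
 * Exports this context as an interprocess token when the underlying mechanism allows it.
 *
 * <p>The call is only delegated when a mechanism context exists, that context reports
 * itself as transferable, and its provider is named "SunNativeGSS". In every other case
 * {@code null} is returned.
 *
 * @return the token produced by the mechanism context, or {@code null} if export is unavailable
 * @throws GSSException if the mechanism context fails while being queried or exported
 */
public byte[] export() throws GSSException {
    // Without a mechanism context there is nothing to export. isTransferable() on this
    // class reports false in that state, so answer null here as well instead of failing
    // with a NullPointerException.
    if (mechCtxt == null) {
        return null;
    }
    // Only allow context export from native provider since JGSS
    // still has not defined its own interprocess token format
    if (mechCtxt.isTransferable()
            && mechCtxt.getProvider().getName().equals("SunNativeGSS")) {
        // NOTE(review): the returned token presumably encodes the established context's
        // state; callers should handle it as sensitive data -- confirm against the
        // native provider's documentation.
        return mechCtxt.export();
    }
    // Defaults to null to match old behavior
    return null;
}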
/**
 * Returns the credential delegated to this context, wrapped as a {@code GSSCredential}.
 *
 * @return a new {@code GSSCredentialImpl} around the mechanism's delegated credential
 *     element, or {@code null} when the mechanism context reports none
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public GSSCredential getDelegCred() throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    GSSCredentialSpi delegated = mechCtxt.getDelegCred();
    if (delegated == null) {
        return null;
    }
    // The wrapper hands the caller a usable credential: whoever receives it can act
    // with whatever the peer delegated.
    return new GSSCredentialImpl(gssManager, delegated);
}
/**
 * Marks this context as deleted, disposes the mechanism context if one exists, and drops
 * the cached credential and name references.
 *
 * @throws GSSException if the mechanism context fails to dispose
 */
public void dispose() throws GSSException {
    // State is flipped before anything else, so the context counts as DELETED even if
    // the mechanism-level dispose below throws.
    currentState = DELETED;
    if (mechCtxt != null) {
        mechCtxt.dispose();
        mechCtxt = null;
    }
    // NOTE(review): these references are only cleared when mechCtxt.dispose() returns
    // normally; on an exception myCred, srcName and targName stay reachable.
    targName = null;
    srcName = null;
    myCred = null;
}
/**
 * Returns a mechanism-specific attribute of this context.
 *
 * <p>When a security manager is installed, the caller must hold an
 * {@code InquireSecContextPermission} named after {@code type.toString()}. That check
 * runs before the context state is examined.
 *
 * @param type the attribute to query; passed through to the mechanism context
 * @return whatever the mechanism context returns for {@code type}
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
@Override
public Object inquireSecContext(InquireType type) throws GSSException {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        final InquireSecContextPermission required =
                new InquireSecContextPermission(type.toString());
        sm.checkPermission(required);
    }
    if (mechCtxt != null) {
        return mechCtxt.inquireSecContext(type);
    }
    throw new GSSException(GSSException.NO_CONTEXT);
}
/**
 * Verifies a MIC token against a message, both supplied as byte-array regions.
 *
 * <p>All arguments are forwarded unchanged. This method does no bounds checking of its
 * own on the offsets and lengths.
 *
 * @param inTok buffer holding the MIC token
 * @param tokOffset offset of the token within {@code inTok}
 * @param tokLen length of the token
 * @param inMsg buffer holding the message
 * @param msgOffset offset of the message within {@code inMsg}
 * @param msgLen length of the message
 * @param msgProp message properties, forwarded to the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public void verifyMIC(
        byte[] inTok, int tokOffset, int tokLen,
        byte[] inMsg, int msgOffset, int msgLen,
        MessageProp msgProp) throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    mechCtxt.verifyMIC(inTok, tokOffset, tokLen, inMsg, msgOffset, msgLen, msgProp);
}
/**
 * Reports the integrity state of this context.
 *
 * @return the mechanism context's integrity state once a mechanism context exists;
 *     before that, the locally stored requested value, which is only a request and not
 *     a negotiated guarantee
 */
public boolean getIntegState() {
    return (mechCtxt == null) ? reqIntegState : mechCtxt.getIntegState();
}
/**
 * Reports the confidentiality state of this context.
 *
 * @return the mechanism context's confidentiality state once a mechanism context exists;
 *     before that, the locally stored requested value, which is only a request and not
 *     a negotiated guarantee
 */
public boolean getConfState() {
    return (mechCtxt == null) ? reqConfState : mechCtxt.getConfState();
}
/**
 * Reports whether the mechanism context is ready for per-message operations.
 *
 * @return the mechanism context's answer, or {@code false} while no mechanism context
 *     exists
 */
public boolean isProtReady() {
    return mechCtxt != null && mechCtxt.isProtReady();
}
/**
 * Reports whether the mechanism context says it can be transferred.
 *
 * @return the mechanism context's answer, or {@code false} while no mechanism context
 *     exists
 * @throws GSSException if the mechanism context throws
 */
public boolean isTransferable() throws GSSException {
    return mechCtxt != null && mechCtxt.isTransferable();
}
/**
 * Reports the anonymity state of this context.
 *
 * @return the mechanism context's anonymity state once a mechanism context exists;
 *     before that, the locally stored requested value
 */
public boolean getAnonymityState() {
    return (mechCtxt == null) ? reqAnonState : mechCtxt.getAnonymityState();
}
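/**
 * Runs one step of context establishment, reading the peer's token (if any) from
 * {@code inStream} and writing the next outgoing token (if any) to {@code outStream}.
 *
 * <p>On the first call no mechanism context exists yet: the credential element and target
 * name element for {@code mechOid} are resolved, the mechanism context is created, and all
 * requested options are pushed into it. On later calls the incoming token's GSS header is
 * parsed and its OID checked against the one fixed on the first call, unless the provider
 * is "SunNativeGSS" or the mechanism is SPNEGO, in which case the stream is handed to the
 * mechanism as-is with a token length of -1.
 *
 * @param inStream stream carrying the peer's token
 * @param outStream stream that receives the outgoing token
 * @return the number of bytes written to {@code outStream}, header included; 0 when the
 *     mechanism produced no token
 * @throws GSSException with major code {@code FAILURE} when called on a context that has a
 *     mechanism context but is not in progress; {@code DEFECTIVE_TOKEN} when the header OID
 *     does not match or an I/O error occurs (the {@code IOException} is attached as the
 *     cause); or whatever credential lookup or the mechanism throws
 */
public int initSecContext(InputStream inStream, OutputStream outStream) throws GSSException {
    if (mechCtxt != null && currentState != IN_PROGRESS) {
        throw new GSSExceptionImpl(GSSException.FAILURE, "Illegal call to initSecContext");
    }

    GSSHeader gssHeader = null;
    int inTokenLen = -1;
    GSSCredentialSpi credElement = null;
    boolean firstToken = false;

    try {
        if (mechCtxt == null) {
            if (myCred != null) {
                try {
                    credElement = myCred.getElement(mechOid, true);
                } catch (GSSException ge) {
                    // For SPNEGO with no SPNEGO-specific credential, fall back to the
                    // element of the first mechanism the credential does hold.
                    if (GSSUtil.isSpNegoMech(mechOid) && ge.getMajor() == GSSException.NO_CRED) {
                        credElement = myCred.getElement(myCred.getMechs()[0], true);
                    } else {
                        throw ge;
                    }
                }
            }
            GSSNameSpi nameElement = targName.getElement(mechOid);
            mechCtxt = gssManager.getMechanismContext(nameElement, credElement, reqLifetime, mechOid);
            mechCtxt.requestConf(reqConfState);
            mechCtxt.requestInteg(reqIntegState);
            mechCtxt.requestCredDeleg(reqCredDelegState);
            mechCtxt.requestMutualAuth(reqMutualAuthState);
            mechCtxt.requestReplayDet(reqReplayDetState);
            mechCtxt.requestSequenceDet(reqSequenceDetState);
            mechCtxt.requestAnonymity(reqAnonState);
            mechCtxt.setChannelBinding(channelBindings);
            mechCtxt.requestDelegPolicy(reqDelegPolicyState);

            objId = new ObjectIdentifier(mechOid.toString());

            currentState = IN_PROGRESS;
            firstToken = true;
        } else {
            if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
                    || GSSUtil.isSpNegoMech(mechOid)) {
                // do not parse GSS header for native provider or SPNEGO mech
            } else {
                // parse GSS header
                gssHeader = new GSSHeader(inStream);
                // The header comes from the peer. Rejecting a different OID keeps the
                // mechanism fixed for the whole exchange.
                if (!gssHeader.getOid().equals((Object) objId)) {
                    throw new GSSExceptionImpl(
                            GSSException.DEFECTIVE_TOKEN,
                            "Mechanism not equal to " + mechOid.toString()
                                    + " in initSecContext token");
                }
                // Peer-supplied length; it is passed to the mechanism unchecked here.
                inTokenLen = gssHeader.getMechTokenLength();
            }
        }

        byte[] obuf = mechCtxt.initSecContext(inStream, inTokenLen);

        int retVal = 0;
        if (obuf != null) {
            retVal = obuf.length;
            if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
                    || (!firstToken && GSSUtil.isSpNegoMech(mechOid))) {
                // do not add GSS header for native provider or SPNEGO
                // except for the first SPNEGO token
            } else {
                // add GSS header
                gssHeader = new GSSHeader(objId, obuf.length);
                retVal += gssHeader.encode(outStream);
            }
            outStream.write(obuf);
        }

        if (mechCtxt.isEstablished()) {
            currentState = READY;
        }
        return retVal;
    } catch (IOException e) {
        // Same major code and message as before; the original exception is attached as
        // the cause so the I/O failure stays diagnosable.
        GSSExceptionImpl defective =
                new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN, e.getMessage());
        defective.initCause(e);
        throw defective;
    }
}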
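/**
 * Runs one step of context establishment on the accepting side, reading the peer's token
 * from {@code inStream} and writing the reply token (if any) to {@code outStream}.
 *
 * <p>On the first call a GSS header is read from {@code inStream}; the mechanism OID and
 * mechanism token length are taken from that header, so the peer's token selects the
 * mechanism. Nothing in this method restricts which OID is accepted beyond the credential
 * lookup (when {@code myCred} is set) and {@code gssManager.getMechanismContext}, whose
 * behavior is not visible here. On later calls the header is parsed and its OID checked
 * against the one from the first token, unless the provider is "SunNativeGSS" or the
 * mechanism is SPNEGO.
 *
 * @param inStream stream carrying the peer's token
 * @param outStream stream that receives the reply token
 * @throws GSSException with major code {@code FAILURE} when called on a context that has a
 *     mechanism context but is not in progress; {@code DEFECTIVE_TOKEN} when the header OID
 *     does not match or an I/O error occurs (the {@code IOException} is attached as the
 *     cause); or whatever credential lookup or the mechanism throws
 */
public void acceptSecContext(InputStream inStream, OutputStream outStream) throws GSSException {
    if (mechCtxt != null && currentState != IN_PROGRESS) {
        throw new GSSExceptionImpl(GSSException.FAILURE, "Illegal call to acceptSecContext");
    }

    GSSHeader gssHeader = null;
    int inTokenLen = -1;
    GSSCredentialSpi credElement = null;

    try {
        if (mechCtxt == null) {
            // mechOid will be null for an acceptor's context
            gssHeader = new GSSHeader(inStream);
            // Peer-supplied length; it is passed to the mechanism unchecked here.
            inTokenLen = gssHeader.getMechTokenLength();

            // Convert ObjectIdentifier to Oid. The OID comes from the peer's token.
            objId = gssHeader.getOid();
            mechOid = new Oid(objId.toString());

            if (myCred != null) {
                credElement = myCred.getElement(mechOid, false);
            }
            // With no acceptor credential, credElement stays null and is passed on as-is.
            mechCtxt = gssManager.getMechanismContext(credElement, mechOid);
            mechCtxt.setChannelBinding(channelBindings);

            currentState = IN_PROGRESS;
        } else {
            if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
                    || (GSSUtil.isSpNegoMech(mechOid))) {
                // do not parse GSS header for native provider and SPNEGO
            } else {
                // parse GSS Header
                gssHeader = new GSSHeader(inStream);
                // Rejecting a different OID keeps the mechanism fixed for the whole
                // exchange.
                if (!gssHeader.getOid().equals((Object) objId)) {
                    throw new GSSExceptionImpl(
                            GSSException.DEFECTIVE_TOKEN,
                            "Mechanism not equal to " + mechOid.toString()
                                    + " in acceptSecContext token");
                }
                inTokenLen = gssHeader.getMechTokenLength();
            }
        }

        byte[] obuf = mechCtxt.acceptSecContext(inStream, inTokenLen);

        if (obuf != null) {
            if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
                    || (GSSUtil.isSpNegoMech(mechOid))) {
                // do not add GSS header for native provider and SPNEGO
            } else {
                // add GSS header; the encoded length is not needed since this method
                // returns nothing
                gssHeader = new GSSHeader(objId, obuf.length);
                gssHeader.encode(outStream);
            }
            outStream.write(obuf);
        }

        if (mechCtxt.isEstablished()) {
            currentState = READY;
        }
    } catch (IOException e) {
        // Same major code and message as before; the original exception is attached as
        // the cause so the I/O failure stays diagnosable.
        GSSExceptionImpl defective =
                new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN, e.getMessage());
        defective.initCause(e);
        throw defective;
    }
}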
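/**
 * Returns the target (acceptor) name of this context, resolving and caching it from the
 * mechanism context on first use.
 *
 * @return the cached target name, or a wrapper around the mechanism context's target name
 * @throws GSSException with major code {@code NO_CONTEXT} if no name is cached and no
 *     mechanism context exists yet, or whatever the mechanism context throws
 */
public GSSName getTargName() throws GSSException {
    if (targName == null) {
        // Without a mechanism context there is nothing to ask. Fail with the declared
        // GSSException, as the per-message methods of this class do, instead of a
        // NullPointerException.
        if (mechCtxt == null) {
            throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
        }
        targName = GSSNameImpl.wrapElement(gssManager, mechCtxt.getTargName());
    }
    return targName;
}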
/**
 * Reports the lifetime of this context.
 *
 * @return the mechanism context's lifetime once a mechanism context exists; before that,
 *     the locally stored requested lifetime
 */
public int getLifetime() {
    return (mechCtxt == null) ? reqLifetime : mechCtxt.getLifetime();
}
/**
 * Verifies a MIC token against a message, both supplied as streams.
 *
 * @param tokStream stream carrying the MIC token
 * @param msgStream stream carrying the message
 * @param msgProp message properties, forwarded to the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public void verifyMIC(InputStream tokStream, InputStream msgStream, MessageProp msgProp)
        throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    mechCtxt.verifyMIC(tokStream, msgStream, msgProp);
}
/**
 * Produces a MIC token through the mechanism context, using streams for input and output.
 *
 * @param inStream input stream, forwarded to the mechanism context
 * @param outStream output stream, forwarded to the mechanism context
 * @param msgProp message properties, forwarded to the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public void getMIC(InputStream inStream, OutputStream outStream, MessageProp msgProp)
        throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    mechCtxt.getMIC(inStream, outStream, msgProp);
}
/**
 * Produces a MIC token for a region of a byte array through the mechanism context.
 *
 * <p>The offset and length are forwarded unchanged. This method does no bounds checking
 * of its own.
 *
 * @param inMsg buffer holding the message
 * @param offset offset of the message within {@code inMsg}
 * @param len length of the message
 * @param msgProp message properties, forwarded to the mechanism context
 * @return the token returned by the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public byte[] getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp)
        throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    return mechCtxt.getMIC(inMsg, offset, len, msgProp);
}
/**
 * Wraps a region of a byte array through the mechanism context.
 *
 * <p>The offset and length are forwarded unchanged. This method does no bounds checking
 * of its own.
 *
 * @param inBuf buffer holding the message
 * @param offset offset of the message within {@code inBuf}
 * @param len length of the message
 * @param msgProp message properties, forwarded to the mechanism context
 * @return the token returned by the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public byte[] wrap(byte inBuf[], int offset, int len, MessageProp msgProp)
        throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    return mechCtxt.wrap(inBuf, offset, len, msgProp);
}
/**
 * Asks the mechanism context for the wrap size limit under the given settings.
 *
 * @param qop quality-of-protection value, forwarded to the mechanism context
 * @param confReq confidentiality flag, forwarded to the mechanism context
 * @param maxTokenSize maximum token size, forwarded to the mechanism context
 * @return the limit reported by the mechanism context
 * @throws GSSException with major code {@code NO_CONTEXT} if no mechanism context exists
 *     yet, or whatever the mechanism context throws
 */
public int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize)
        throws GSSException {
    if (mechCtxt == null) {
        throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
    }
    return mechCtxt.getWrapSizeLimit(qop, confReq, maxTokenSize);
}
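/**
 * Returns the source (initiator) name of this context, resolving and caching it from the
 * mechanism context on first use.
 *
 * @return the cached source name, or a wrapper around the mechanism context's source name
 * @throws GSSException with major code {@code NO_CONTEXT} if no name is cached and no
 *     mechanism context exists yet, or whatever the mechanism context throws
 */
public GSSName getSrcName() throws GSSException {
    if (srcName == null) {
        // Without a mechanism context there is nothing to ask. Fail with the declared
        // GSSException, as the per-message methods of this class do, instead of a
        // NullPointerException.
        if (mechCtxt == null) {
            throw new GSSExceptionImpl(GSSException.NO_CONTEXT, "No mechanism context yet!");
        }
        srcName = GSSNameImpl.wrapElement(gssManager, mechCtxt.getSrcName());
    }
    return srcName;
}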
/**
 * Reports the credential delegation state of this context.
 *
 * @return the mechanism context's delegation state once a mechanism context exists;
 *     before that, the locally stored requested value
 */
public boolean getCredDelegState() {
    return (mechCtxt == null) ? reqCredDelegState : mechCtxt.getCredDelegState();
}
/**
 * Returns the mechanism OID of this context.
 *
 * @return the mechanism context's OID once a mechanism context exists; before that, the
 *     locally stored {@code mechOid}
 * @throws GSSException if the mechanism context throws
 */
public Oid getMech() throws GSSException {
    return (mechCtxt == null) ? mechOid : mechCtxt.getMech();
}
/**
 * Reports the mutual authentication state of this context.
 *
 * @return the mechanism context's mutual authentication state once a mechanism context
 *     exists; before that, the locally stored requested value, which is only a request
 *     and not a negotiated guarantee
 */
public boolean getMutualAuthState() {
    return (mechCtxt == null) ? reqMutualAuthState : mechCtxt.getMutualAuthState();
}
/**
 * Reports the replay detection state of this context.
 *
 * @return the mechanism context's replay detection state once a mechanism context exists;
 *     before that, the locally stored requested value
 */
public boolean getReplayDetState() {
    return (mechCtxt == null) ? reqReplayDetState : mechCtxt.getReplayDetState();
}
/**
 * Reports the sequence detection state of this context.
 *
 * @return the mechanism context's sequence detection state once a mechanism context
 *     exists; before that, the locally stored requested value
 */
public boolean getSequenceDetState() {
    return (mechCtxt == null) ? reqSequenceDetState : mechCtxt.getSequenceDetState();
}
/**
 * Reports the delegation policy state of this context.
 *
 * @return the mechanism context's delegation policy state once a mechanism context
 *     exists; before that, the locally stored requested value
 */
@Override
public boolean getDelegPolicyState() {
    return (mechCtxt == null) ? reqDelegPolicyState : mechCtxt.getDelegPolicyState();
}
/**
 * Creates a GSSContextImpl out of a previously exported GSSContext.
 *
 * <p>The token is handed to {@code gssManager.getMechanismContext} without any inspection
 * here. The initiator flag and mechanism OID are then read back from the resulting
 * mechanism context. {@code currentState} is not assigned by this constructor.
 *
 * @param gssManager manager used to rebuild the mechanism context
 * @param interProcessToken the exported context token
 * @throws GSSException if the mechanism context cannot be rebuilt or queried
 * @see #isTransferable
 */
public GSSContextImpl(GSSManagerImpl gssManager, byte[] interProcessToken)
        throws GSSException {
    this.gssManager = gssManager;
    // NOTE(review): interProcessToken is accepted as-is; any validation of its origin or
    // integrity has to happen in the manager or the mechanism -- confirm.
    this.mechCtxt = gssManager.getMechanismContext(interProcessToken);
    this.initiator = this.mechCtxt.isInitiator();
    this.mechOid = this.mechCtxt.getMech();
}